Adding Certificate to VMware vCenter 8.0U3

Step 1: Back up vCenter

Step 2: Snapshot vCenter

The certificate authority I was using was Windows Server 2022.

I’d used this article to create a template, remoted onto the certificate server:

https://knowledge.broadcom.com/external/article?articleNumber=315271

Creating a new template for vSphere to use for VMCA as a Subordinate CA

  1. Connect through an RDP session to the CA server from which you will be generating the certificates.
  2. Click Start > Run, type certtmpl.msc, and click OK.
  3. In the Certificate Template Console, under Template Display Name, right-click Subordinate Certificate Authority and click Duplicate Template.
  4. In the Duplicate Template window, select Windows 7 / Server 2008 R2 Enterprise for backward compatibility.

Note: If you have an encryption level higher than SHA1, select Windows Server 2012 Enterprise.

  5. Click the General tab.
  6. In the Template display name field, enter vSphere VMCA as the name of the new template.
  7. Ensure Publish certificate in Active Directory is selected.
  8. Click the Extensions tab.
  9. Click Basic Constraints and click Edit.
  10. Click the Enable this extension check box and click OK.
  11. Select Key Usage and click Edit.
  12. Ensure that Digital Signature, Certificate signing and CRL signing are enabled.
  13. Ensure that Make this extension critical is enabled.
  14. Click OK.
  15. Click OK to save the template.
  16. Proceed to the Adding a new template to certificate templates section to make the newly created certificate template available.

Adding a new template to certificate templates

  1. Connect through an RDP session to the CA server from which you will be generating the certificates.
  2. Click Start > Run, type certsrv.msc, and click OK.
  3. In the left pane of the Certificate Console, if collapsed, expand the node by clicking the + icon.
  4. Right-click Certificate Templates and click New > Certificate Template to Issue.
  5. Locate vSphere VMCA under the Name column.
  6. Click OK.

Go back to vCenter, click the three-line menu on the left, then Administration.

Certificate Management:

Click Generate Certificate Signing Request

Complete your information and click Next.

Save the output you're given in a file called Request.csr (be sure to remove any trailing spaces).

Take the file or copy the content over to your certificate authority:

I’m using localhost/certsrv:

Click Request a certificate.

Then I clicked ‘Submit a certificate request by using a base-64-encoded CMC’

Paste your request in the top box and select vSphere VMCA for the template.

In Attributes, put san:dns= followed by the FQDN of the vCenter server (no https:// prefix).

Example attributes: san:dns=vCenter01.domain.local

Click submit

Select Base 64 encoded, then download the certificate:

I’d separated out the certs by downloading the two files above. The first one is the certificate; I called that Cert.csr.

The second file gave me the root and issuing certificates; I called that Root.csr.

I set up the root and issuing certificates in a single file called Root.csr, like this:

Root at the bottom, issuing CA at the top.

Click Import and replace in vCenter:

Cert.csr at the top, Root.csr at the bottom:

That worked spot on for me
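A pre-import check for the two files described above, as an added example that is not part of the original post: it confirms that the chain file has the issuing CA on top and a self-issued root at the bottom, and that the certificate names the top chain entry as its issuer. It assumes both files hold Base 64 (PEM) CERTIFICATE blocks, compares issuer and subject names byte for byte, and does not verify signatures; the function names are hypothetical.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (issuer, subject) as raw DER Name bytes of one certificate."""
    pos = _tlv(der, _tlv(der, 0)[1])[1]   # step into Certificate, then tbsCertificate
    fields = []
    while len(fields) < 5:                # serial, sigAlg, issuer, validity, subject
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:                   # skip the optional explicit [0] version
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def load_pem(text):
    """Decode every CERTIFICATE block in text to DER, in file order."""
    return [base64.b64decode(block) for block in PEM_RE.findall(text)]

def check_import_files(cert_pem, chain_pem):
    """Return a list of ordering problems; an empty list means consistent."""
    leaf, chain = load_pem(cert_pem), load_pem(chain_pem)
    problems = []
    if len(leaf) != 1:
        problems.append(f"certificate file holds {len(leaf)} certificates, expected 1")
    if not chain:
        return problems + ["chain file holds no certificates"]
    seq = leaf[:1] + chain                # top to bottom: cert, issuing CA, root
    for i in range(len(seq) - 1):
        if names(seq[i])[0] != names(seq[i + 1])[1]:
            problems.append(f"entry {i} is not issued by the entry below it")
    issuer, subject = names(chain[-1])
    if issuer != subject:
        problems.append("bottom of chain file is not a self-issued root")
    return problems

if __name__ == "__main__" and len(sys.argv) == 3:  # usage: script Cert.csr Root.csr
    texts = [open(path).read() for path in sys.argv[1:3]]
    print("\n".join(check_import_files(*texts)) or "order is consistent")
```

Entry 0 in the messages is the certificate itself; entries 1 and up are the chain file from top to bottom.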
